AMENDMENTS TO THE CLAIMS

1. (Currently Amended) A method of controlling usage of network resources on a
communications network based on the identity of an authenticated user, the method comprising 
acts of: 

(a) creating one or more packet rules for analyzing packets received at one or more 
devices of the communications network, each rule including a condition and action to be taken if 
a packet received at a device satisfies the condition; 

(b) storing the one or more packet rules; 

(c) creating one or more service abstractions, each service abstraction representing a 
named set of one or more of the packet rules; 

(d) storing the one or more service abstractions; and 

(e) associating one or more of the service abstractions with an authenticated user of the
communications network to control usage of network resources on the communications network.

2. (Previously presented) The method of claim 1, further comprising an act of: (f) configuring a 
network device of the communications network with one or more packet rules according to at 
least one of the service abstractions. 

3. (Previously presented) The method of claim 2, wherein the act (f) comprises: configuring a 
port module of a switching device of the communications network with one or more packet rules 
according to at least one of the service abstractions. 

4. (Cancelled) 

5. (Previously presented) The method of claim 1, further comprising an act of: (f) distributing 
the one or more service abstractions to one or more network devices residing on the 
communications network.

6. (Cancelled) 

7. (Previously presented) The method of claim 1, further comprising an act of: (f) creating one or 
more role abstractions associated with an authenticated user, each role abstraction representing a
role of the user with respect to the communications network, and each role abstraction including 
a set of one or more service abstractions. 

8. (Previously presented) The method of claim 7, further comprising an act of: (g) configuring a 
network device of the communications network with one or more packet rules according to one 
of the role abstractions. 

9. (Previously presented) The method of claim 8, wherein act (g) comprises: configuring a port 
module of a switching device of the communications network with one or more packet rules
according to one of the role abstractions. 

10. (Cancelled) 

11. (Previously presented) The method of claim 7, further comprising an act of: (g) distributing
the one or more role abstractions to one or more network devices residing on the 
communications network. 

12. (Cancelled) 

13. (Currently Amended) A system for controlling usage of network resources on a
communications network based on the identity of an authenticated user, the system comprising:

a rule editing module to create one or more packet rules for analyzing packets received at 
one or more devices of the communications network, each rule including a condition and action
to be taken if a packet received at a device satisfies the condition; 

a service editing module to create one or more service abstractions associated with an 
authenticated user of the communications network for controlling usage of network resources on
the communications network, each service abstraction representing a named set of one or more 
of the packet rules; and 

storage means for storing one or more created service abstractions or one or more created
packet rules. 

14. (Original) The system of claim 13, further comprising: logic to configure a network device 
with one or more packet rules according to at least one of the service abstractions. 

15. (Original) The system of claim 14, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to at least 
one of the service abstractions. 

16. (Cancelled) 

17. (Original) The system of claim 13, further comprising: a distribution module to distribute the 
one or more service abstractions to one or more network devices residing on the communications
network. 

18. (Cancelled) 

19. (Previously presented) The system of claim 13, further comprising: a role editing module to 
create one or more role abstractions associated with an authenticated user, each role abstraction 
representing a role of an authenticated user with respect to the communications network, and 
each role abstraction including a set of one or more service abstractions. 

20. (Original) The system of claim 19, further comprising: logic to configure a network device 
with one or more packet rules according to one of the role abstractions. 

21. (Original) The system of claim 20, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to one of 
the role abstractions. 

22. (Cancelled) 

23. (Original) The system of claim 19, further comprising: a distribution module to distribute the
one or more role abstractions to one or more network devices residing on the communications 
network. 

24. (Cancelled) 

25. (Cancelled) 

26. (Currently Amended) A computer program product, comprising: a computer readable 
medium; and computer readable signals stored on the computer readable medium that define
instructions that, as a result of being executed by a computer, instruct the computer to perform a
process of controlling usage of network resources on a communications network based on the
identity of an authenticated user, the process comprising acts of: 

(a) creating one or more packet rules for analyzing packets received at one or more 
devices of the communication network, each rule including a condition and action to be taken if 
a packet received at a device satisfies the condition; 

(b) storing the one or more packet rules; 

(c) creating one or more service abstractions associated with an authenticated user of the 
communications network for controlling usage of network resources on the communications 
network, each service abstraction representing a named set of one or more of the packet rules; 
and 

(d) storing the one or more service abstractions. 

27. (Currently Amended) A method of controlling usage of network resources on a 
communications network based on the identity of an authenticated user, the method comprising 
acts of: 

(a) defining one or more packet rules for analyzing packets received at one or more 
devices of the communication network, each rule including a condition and action to be taken if 
a packet received at a device satisfies the condition; 

(b) providing the one or more packet rules; 

(c) defining one or more role abstractions associated with an authenticated user, each role 
abstraction representing a role of an authenticated user with respect to the communications 
network for controlling usage of network resources on the communications network, and each
role abstraction including a set of one or more packet rules; and

(d) providing the one or more role abstractions.

28. (Previously presented) The method of claim 27, further comprising an act of: (e) configuring 
a network device of the communications network with one or more packet rules according to one 
of the role abstractions. 

29. (Previously presented) The method of claim 28, wherein act (e) comprises: configuring a 
port module of a switching device of the communications network with one or more packet rules
according to one of the role abstractions. 

30. (Cancelled) 

31. (Previously presented) The method of claim 27, further comprising an act of: (e) distributing
the one or more role abstractions to one or more network devices residing on the 
communications network. 

32. (Cancelled) 

33. (Currently Amended) A system for controlling usage of network resources on a 
communications network based on the identity of an authenticated user, the system
comprising: 

a rule editing module to create one or more packet rules for analyzing packets received at 
one or more devices of the communications network, each rule including a condition and action
to be taken if a packet received at a device satisfies the condition; 

a role editing module to create one or more role abstractions associated with an 
authenticated user, each role abstraction representing a role of an authenticated user with respect 
to the communications network for controlling usage of network resources on the 
communications network, and each role abstraction including a set of one or more packet rules;
and 

storage means for storing one or more created role abstractions or one or more created
packet rules. 

34. (Original) The system of claim 33, further comprising: logic to configure a port module of a 
network device with one or more packet rules according to one of the role abstractions. 

35. (Original) The system of claim 34, wherein the logic comprises: port configuration logic to 
configure a port module of a switching device with one or more packet rules according to one of 
the role abstractions. 

36. (Cancelled) 

37. (Original) The system of claim 33, further comprising: a distribution module to distribute the 
one or more role abstractions to one or more network devices residing on the communications 
network. 

38. (Cancelled) 

39. (Cancelled) 

40. (Currently Amended) A computer program product, comprising: a computer readable 
medium; and computer readable signals stored on the computer readable medium that define
instructions that, as a result of being executed by a computer, instruct the computer to perform a
process of controlling usage of network resources on a communications network based on the
identity of an authenticated user, the process comprising acts of:

(a) creating one or more packet rules for analyzing packets received at one or more 
devices of the communications network, each rule including a condition and action to be taken if 
a packet received at a device satisfies the condition; 

(b) storing the one or more packet rules; 

(c) creating one or more role abstractions associated with an authenticated user, each 
role abstraction representing a role of an authenticated user with respect to the communications 
network for controlling usage of network resources on the communications network, and each
role abstraction including a set of one or more packet rules; and

(d) storing the one or more role abstractions.